
Published 9th September 2008
9 September 2008: The retail sector needs to set out its stall and ring the changes in its security vulnerabilities if it is to avoid the potential for hackers to gain unauthorised system access and disrupt service availability, according to NTA Monitor’s 2008 Annual Security Report. The retail sector was the third worst out of the 10 sectors tested and saw the largest annual increase (25 per cent) in the average number of risks. Although five of the 10 industry sectors tested avoided high-risk vulnerabilities altogether, retail was the only sector to demonstrate an increase in high risks since the previous year, despite the fact that it is the sector with the highest level of interaction with the public.
As a PCI Standards Council Approved Scanning Vendor, NTA Monitor knows only too well the serious situations that a company with significant security vulnerabilities can find itself in.
NTA Monitor’s Annual Security Report analyses data from external Internet vulnerability tests conducted for UK organisations across a wide range of industry sectors, including charities, education, finance, government, IT, law and retail.
Roy Hills, Technical Director at NTA Monitor, says: “This lack of attention to security makes retailers vulnerable on many levels. High risk vulnerabilities are widely known and actively exploited by hackers, leaving many companies susceptible to attacks such as a buffer overflow on a server, malicious code being executed or gaining unauthorised entry to the corporate network. The industry relies on customer loyalty so if a customer has their personal details stolen or a publicised security incident occurs, they are sure to tell many more people than if they had received a good service, which could result in a loss of custom.”
NTA Monitor can advise companies on the specific issues that need addressing, but also has generic advice on how organisations can get their house in order:
• Apply patches and updates as soon as they become available to address the latest vulnerabilities
• Ensure that preventative action is an ongoing process
• Educate all staff about Internet security issues and make awareness of them a commitment
• Update the security policy regularly and ensure that it is publicised and communicated.
A copy of the NTA Monitor Annual Security Report 2008 is available on request from NTA Monitor. Call 01634 721855 and ask for Jude Holmes or email marketing@nta-monitor.com.
-ends-
About NTA Monitor
NTA Monitor, www.nta-monitor.com, is a market-leading, innovative IT security testing, auditing and consultancy company that helps to protect its 600+ customers from loss of revenue and reputation.
The company provides a range of security services including vulnerability testing, web application testing, wireless infrastructure testing, BlackBerry and laptop security testing, IT risk assessments, security policy and procedure reviews and network architecture auditing in order to help prevent unauthorised access to organisations’ networks and data. NTA regularly finds new vulnerabilities through its test projects and research and development programmes.
NTA is a founder member of the CESG 'CHECK' scheme and the newly-founded CREST (Council for Registered Ethical Security Testers). NTA is also an Approved Scanning Vendor (ASV) under the Payment Card Industry Data Security Standard (PCI DSS).
For further information, please contact:
Jacqui Delbaere or Elaine Calvert, Delbaere Public Relations
Email: jacqui.delbaere@btinternet.com or Tel: 0560 2496237 / 07770 828791
Email: elaine.calvert1@talktalk.net or Tel: 07764 614113